Back to index

glibc  2.9
access.c
Go to the documentation of this file.
00001 /* Copyright (C) 1991, 92, 93, 94, 95, 96, 97 Free Software Foundation, Inc.
00002    This file is part of the GNU C Library.
00003 
00004    The GNU C Library is free software; you can redistribute it and/or
00005    modify it under the terms of the GNU Lesser General Public
00006    License as published by the Free Software Foundation; either
00007    version 2.1 of the License, or (at your option) any later version.
00008 
00009    The GNU C Library is distributed in the hope that it will be useful,
00010    but WITHOUT ANY WARRANTY; without even the implied warranty of
00011    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00012    Lesser General Public License for more details.
00013 
00014    You should have received a copy of the GNU Lesser General Public
00015    License along with the GNU C Library; if not, write to the Free
00016    Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
00017    02111-1307 USA.  */
00018 
00019 #include <unistd.h>
00020 #include <hurd.h>
00021 #include <hurd/port.h>
00022 #include <hurd/id.h>
00023 #include <hurd/lookup.h>
00024 #include <fcntl.h>
00025 
00026 /* Test for access to FILE by our real user and group IDs.  */
00027 int
00028 __access (file, type)
00029      const char *file;
00030      int type;
00031 {
00032   error_t err;
00033   file_t rcrdir, rcwdir, io;
00034   int flags, allowed;
00035 
00036   error_t reauthenticate (int which, file_t *result)
00037     {
00038       /* Get a port to our root directory, authenticated with the real IDs.  */
00039       error_t err;
00040       mach_port_t ref;
00041       ref = __mach_reply_port ();
00042       err = HURD_PORT_USE
00043        (&_hurd_ports[which],
00044         ({
00045           err = __io_reauthenticate (port, ref, MACH_MSG_TYPE_MAKE_SEND);
00046           if (!err)
00047             err = __auth_user_authenticate (_hurd_id.rid_auth,
00048                                         ref, MACH_MSG_TYPE_MAKE_SEND,
00049                                         result);
00050           err;
00051         }));
00052       __mach_port_destroy (__mach_task_self (), ref);
00053       return err;
00054     }
00055 
00056   error_t init_port (int which, error_t (*operate) (mach_port_t))
00057     {
00058       switch (which)
00059        {
00060        case INIT_PORT_AUTH:
00061          return (*operate) (_hurd_id.rid_auth);
00062        case INIT_PORT_CRDIR:
00063          return (reauthenticate (INIT_PORT_CRDIR, &rcrdir) ?:
00064                 (*operate) (rcrdir));
00065        case INIT_PORT_CWDIR:
00066          return (reauthenticate (INIT_PORT_CWDIR, &rcwdir) ?:
00067                 (*operate) (rcwdir));
00068        default:
00069          return _hurd_ports_use (which, operate);
00070        }
00071     }
00072 
00073   rcrdir = rcwdir = MACH_PORT_NULL;
00074 
00075   HURD_CRITICAL_BEGIN;
00076 
00077   __mutex_lock (&_hurd_id.lock);
00078   /* Get _hurd_id up to date.  */
00079   if (err = _hurd_check_ids ())
00080     goto lose;
00081 
00082   if (_hurd_id.rid_auth == MACH_PORT_NULL)
00083     {
00084       /* Set up _hurd_id.rid_auth.  This is a special auth server port
00085         which uses the real uid and gid (the first aux uid and gid) as
00086         the only effective uid and gid.  */
00087 
00088       if (_hurd_id.aux.nuids < 1 || _hurd_id.aux.ngids < 1)
00089        {
00090          /* We do not have a real UID and GID.  Lose, lose, lose!  */
00091          err = EGRATUITOUS;
00092          goto lose;
00093        }
00094 
00095       /* Create a new auth port using our real UID and GID (the first
00096         auxiliary UID and GID) as the only effective IDs.  */
00097       if (err = __USEPORT (AUTH,
00098                         __auth_makeauth (port,
00099                                        NULL, MACH_MSG_TYPE_COPY_SEND, 0,
00100                                        _hurd_id.aux.uids, 1,
00101                                        _hurd_id.aux.uids,
00102                                        _hurd_id.aux.nuids,
00103                                        _hurd_id.aux.gids, 1,
00104                                        _hurd_id.aux.gids,
00105                                        _hurd_id.aux.ngids,
00106                                        &_hurd_id.rid_auth)))
00107        goto lose;
00108     }
00109 
00110   if (!err)
00111     /* Look up the file name using the modified init ports.  */
00112     err = __hurd_file_name_lookup (&init_port, &__getdport, 0,
00113                                file, 0, 0, &io);
00114 
00115   /* We are done with _hurd_id.rid_auth now.  */
00116  lose:
00117   __mutex_unlock (&_hurd_id.lock);
00118 
00119   HURD_CRITICAL_END;
00120 
00121   if (rcrdir != MACH_PORT_NULL)
00122     __mach_port_deallocate (__mach_task_self (), rcrdir);
00123   if (rcwdir != MACH_PORT_NULL)
00124     __mach_port_deallocate (__mach_task_self (), rcwdir);
00125   if (err)
00126     return __hurd_fail (err);
00127 
00128   /* Find out what types of access we are allowed to this file.  */
00129   err = __file_check_access (io, &allowed);
00130   __mach_port_deallocate (__mach_task_self (), io);
00131   if (err)
00132     return __hurd_fail (err);
00133 
00134   flags = 0;
00135   if (type & R_OK)
00136     flags |= O_READ;
00137   if (type & W_OK)
00138     flags |= O_WRITE;
00139   if (type & X_OK)
00140     flags |= O_EXEC;
00141 
00142   if (flags & ~allowed)
00143     /* We are not allowed all the requested types of access.  */
00144     return __hurd_fail (EACCES);
00145 
00146   return 0;
00147 }
00148 
00149 weak_alias (__access, access)